{
  "version": "15.0.6",
  "vulnerabilities": [
    {
      "id": "c025e7a3-07c1-46d4-b535-0ea291cd205f",
      "category": "dependency_scanning",
      "name": "io.netty/netty - CVE-2014-3488",
      "message": "DoS by CPU exhaustion when using malicious SSL packets",
      "cve": "app/pom.xml:io.netty/netty@3.9.1.Final:CVE-2014-3488",
      "severity": "Unknown",
      "solution": "Upgrade to the latest version",
      "scanner": {
        "id": "gemnasium",
        "name": "Gemnasium"
      },
      "location": {
        "file": "app/pom.xml",
        "dependency": {
          "package": {
            "name": "io.netty/netty"
          },
          "version": "3.9.1.Final"
        }
      },
      "identifiers": [
        {
          "type": "gemnasium",
          "name": "Gemnasium-d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
          "value": "d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
          "url": "https://deps.sec.gitlab.com/packages/maven/io.netty/netty/versions/3.9.1.Final/advisories"
        },
        {
          "type": "cve",
          "name": "CVE-2014-3488",
          "value": "CVE-2014-3488",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3488"
        }
      ],
      "links": [
        {
          "url": "https://bugzilla.redhat.com/CVE-2014-3488"
        },
        {
          "url": "http://netty.io/news/2014/06/11/3.html"
        },
        {
          "url": "https://github.com/netty/netty/issues/2562"
        }
      ],
      "priority": "Unknown",
      "file": "app/pom.xml",
      "url": "https://bugzilla.redhat.com/CVE-2014-3488",
      "tool": "gemnasium"
    },
    {
      "id": "658b8848-bad0-4ea5-93fe-444171716261",
      "category": "dependency_scanning",
      "name": "Django - CVE-2017-12794",
      "message": "Possible XSS in traceback section of technical 500 debug page",
      "cve": "app/requirements.txt:Django@1.11.3:CVE-2017-12794",
      "severity": "Unknown",
      "solution": "Upgrade to latest version or apply patch.",
      "scanner": {
        "id": "gemnasium",
        "name": "Gemnasium"
      },
      "location": {
        "file": "app/requirements.txt",
        "dependency": {
          "package": {
            "name": "Django"
          },
          "version": "1.11.3"
        }
      },
      "identifiers": [
        {
          "type": "gemnasium",
          "name": "Gemnasium-6162a015-8635-4a15-8d7c-dc9321db366f",
          "value": "6162a015-8635-4a15-8d7c-dc9321db366f",
          "url": "https://deps.sec.gitlab.com/packages/pypi/Django/versions/1.11.3/advisories"
        },
        {
          "type": "cve",
          "name": "CVE-2017-12794",
          "value": "CVE-2017-12794",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794"
        }
      ],
      "links": [
        {
          "url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/"
        }
      ],
      "priority": "Unknown",
      "file": "app/requirements.txt",
      "url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/",
      "tool": "gemnasium"
    },
    {
      "id": "b3d79a99-243a-4250-b09d-8809fc4f98d7",
      "category": "dependency_scanning",
      "message": "Directory traversal vulnerability in rubyzip",
      "cve": "Gemfile.lock:rubyzip:cve:CVE-2017-5946",
      "severity": "High",
      "solution": "upgrade to >= 1.2.1",
      "scanner": {
        "id": "gemnasium",
        "name": "gemnasium"
      },
      "location": {
        "file": "Gemfile.lock",
        "dependency": {
          "package": {
            "name": "rubyzip"
          },
          "version": "1.2.0"
        }
      },
      "identifiers": [
        {
          "type": "cve",
          "name": "CVE-2017-5946",
          "value": "CVE-2017-5946",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5946"
        }
      ],
      "links": [
        {
          "url": "https://github.com/rubyzip/rubyzip/issues/315"
        }
      ]
    },
    {
      "id": "f32f29c7-dc3e-4f0c-91c3-3cb5b18a7c42",
      "category": "dependency_scanning",
      "name": "ffi - CVE-2018-1000201",
      "message": "ruby-ffi DLL loading issue on Windows OS",
      "cve": "ffi:1.9.18:CVE-2018-1000201",
      "severity": "High",
      "solution": "upgrade to >= 1.9.24",
      "scanner": {
        "id": "gemnasium",
        "name": "gemnasium"
      },
      "location": {
        "file": "sast-sample-rails/Gemfile.lock",
        "dependency": {
          "package": {
            "name": "ffi"
          },
          "version": "1.9.18"
        }
      },
      "identifiers": [
        {
          "type": "cve",
          "name": "CVE-2018-1000201",
          "value": "CVE-2018-1000201",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000201"
        }
      ],
      "links": [
        {
          "url": "https://github.com/ffi/ffi/releases/tag/1.9.24"
        }
      ],
      "priority": "High",
      "file": "sast-sample-rails/Gemfile.lock",
      "url": "https://github.com/ffi/ffi/releases/tag/1.9.24",
      "tool": "gemnasium"
    }
  ],
  "dependency_files": [

  ],
  "scan": {
    "analyzer": {
      "id": "gemnasium-maven",
      "name": "gemnasium-maven",
      "url": "https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven",
      "vendor": {
        "name": "GitLab"
      },
      "version": "2.18.0"
    },
    "scanner": {
      "id": "gemnasium-maven",
      "name": "gemnasium-maven",
      "url": "https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven",
      "vendor": {
        "name": "GitLab"
      },
      "version": "2.18.0"
    },
    "type": "dependency_scanning",
    "start_time": "2022-08-10T22:37:00",
    "end_time": "2022-08-10T22:37:00",
    "status": "success"
  }
}
